Hello all and personally Nick,

In the current CAdES wording, a regular signature without at least one signed attribute (Signing certificate reference) cannot be added with timestamps and validation data to achieve a CAdES-T or more advanced CAdES signature. This need arises, e.g., in a system with existing regular signatures. There is no chance to add the required attribute to the already computed signature, but there is a strong need to add CAdES properties to such signatures.

There is a rather simple approach to achieve the same properties without including the signing certificate reference as a signed attribute. Let us include this reference as an extension in the CAdES-T timestamp (signature timestamp). To get such a timestamp one would need to include this extension in a timestamp request, and a TSA would have to shift this extension to a timestamp token.

Let us define the proposed extension to a timestamp protocol and call the signature we get a valid CAdES-T signature. More advanced CAdES signature types turn out from this new CAdES-T perfectly without any modification. What do you think?

Pavel Smirnov
Crypto-Pro
Tel./Fax: +7 495 780-4820
WWW: http://www.CryptoPro.ru
e-mail: spv@xxxxxxxxxxxx
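
The timestamp request proposed above, as an added example that is not part of the original message or of any CAdES or RFC 3161 text: Python that DER-encodes an RFC 3161 TimeStampReq whose extension carries a signing certificate reference, plus the comparison a verifier would make on the echoed value. The extension OID (a placeholder in the 2.999 example arc), the use of SigningCertificateV2 as the extension value, the function names and the sample byte strings are assumptions.

```python
import hashlib
import hmac

SHA256_OID = "2.16.840.1.101.3.4.2.1"
# Placeholder under the 2.999 example arc; the message defines no OID.
HYPOTHETICAL_EXT_OID = "2.999.1"

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]          # base-128, low group first
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def integer(n: int) -> bytes:
    # Non-negative INTEGER; the extra bit keeps the sign bit clear.
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def signing_cert_ref(cert_der: bytes) -> bytes:
    """SigningCertificateV2 with one ESSCertIDv2 (default SHA-256 omitted)."""
    ess_cert_id = tlv(0x30, tlv(0x04, hashlib.sha256(cert_der).digest()))
    return tlv(0x30, tlv(0x30, ess_cert_id))

def timestamp_request(signature_value: bytes, cert_der: bytes, nonce: int) -> bytes:
    # messageImprint of a signature timestamp: hash of SignerInfo.signature.
    imprint = tlv(0x30, tlv(0x30, oid(SHA256_OID))
                  + tlv(0x04, hashlib.sha256(signature_value).digest()))
    # Assumed extension layout: extnID plus extnValue wrapping the reference.
    ext = tlv(0x30, oid(HYPOTHETICAL_EXT_OID) + tlv(0x04, signing_cert_ref(cert_der)))
    # version 1, imprint, nonce, extensions [0] IMPLICIT (tag 0xA0).
    return tlv(0x30, tlv(0x02, b"\x01") + imprint + integer(nonce) + tlv(0xA0, ext))

def reference_matches(extn_value: bytes, cert_der: bytes) -> bool:
    """Verifier side: the echoed reference must name the validating certificate."""
    return hmac.compare_digest(extn_value, signing_cert_ref(cert_der))

# Constructed sample inputs, not real CMS data.
SAMPLE_SIGNATURE = b"constructed SignerInfo.signature bytes"
SAMPLE_CERT = b"constructed certificate DER"
```
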